2481454 – (CVE-2026-9541) CVE-2026-9541 squirrel: Squirrel: Heap-based buffer overflow in Cnut File Handler via ReadObject function

Bug 2481454 (CVE-2026-9541) - CVE-2026-9541 squirrel: Squirrel: Heap-based buffer overflow in Cnut File Handler via ReadObject function

Summary: CVE-2026-9541 squirrel: Squirrel: Heap-based buffer overflow in Cnut File Han...

Keywords:
Status:	NEW
Alias:	CVE-2026-9541
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2481469 2481470 2481471 2481472
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-26 14:02 UTC by OSIDB Bzimport
Modified:	2026-05-26 14:59 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-26 14:02:18 UTC

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Note You need to log in before you can comment on or make changes to this bug.